Through an updated healthcare endorsement for the CyberSelect^TM proprietary cyber policy, Brown & Brown can now offer extended cyber coverage for healthcare organizations. This extension will take the quality coverage already offered under the CyberSelect form and provide additional coverage not found in most typical policies, with limited exclusions.

For example, the extension covers corrective action, mitigating against loss or action required by the Department of Health and Human Services. This includes security risk assessments, HIPAA-compliant information through security document requirements and information security awareness training sessions. Additionally, it can add coverage for reputational damage due to privacy and network security events publicized in the media.

The endorsement also provides coverages that can help with business interruption and contingent business interruption loss. There is available coverage for employee overtime costs incurred from responding to regulatory inquiries, returning operations to their prior state and outages at technology providers or other companies providing goods and services. Christopher Keegan, Brown & Brown’s Cyber Product specialist points out that the coverage applies to outages at “business process” service providers such as Change Healthcare and would trigger contingent business income loss and additional costs coverage resulting from such events.

“With the Office for Civil Rights (OCR) reporting record numbers of data breaches, and quantity of records breached in 2023, it is critical that cyber insurance coverage responds as it is intended and addresses the impacts continuing to be seen as a result of a breach,” said Britt Eilhardt, Cyber & Technology Broker Leader for Brown & Brown. “As the cyber insurance market rates continue to moderate, this is an excellent time for insureds in the healthcare industry to extend coverage to avoid unforeseen obstacles in the event of a cyber incident.”

Observers of the cyber insurance market have been surprised by the magnitude of business interruption losses impacting healthcare providers in the last few years, with over $100MM in losses resulting from the most recent waves of ransomware attacks.

For healthcare organizations, cyber risks, claim expenses and potential damages differ from those of other industries. It is essential to have industry coverage specialists and claim professionals collaborate to evaluate the unique risks and craft coverage necessary for meeting the complex needs of healthcare organizations.

Brown & Brown, Inc. and all its affiliates, do not provide legal, regulatory or tax guidance, or advice. If legal advice counsel or representation is needed, the services of a legal professional should be sought. The information in this document is intended to provide a general overview of the topics and services contained herein. Brown & Brown, Inc. and all its affiliates, make no representation or warranty as to the accuracy or completeness of the document and undertakes no obligation to update or revise the document based upon new information or future changes.

 ©2024 Brown & Brown. All rights reserved.